https://pulumi.com logo
#aws
Title
# aws
p

purple-jelly-68780

08/21/2021, 10:25 PM
In my stack, I have an ACM certificate that is utilized by a CloudFront distribution. When resources are being replaced, the certificate is always attempting to be deleted before the distribution, which fails because obviously the distro still depends on the cert. Shouldn't the distribution be deleted or updated and then the certificate deleted? Happy to file an issue if needed, just wondering if anyone else has experienced this.
I've added the dependsOn attribute to the distribution so it depends on both the certificate and its validation, but that doesn't seem to change the behavior.
g

great-sunset-355

08/22/2021, 7:51 AM
I have a module that creates ACM and Cloudfront, I did not notice this problem. Except it sometimes created 2 certs and then removed one. What resources that require replacement are you updating? https://github.com/hashicorp/terraform/issues/18997
p

purple-jelly-68780

08/23/2021, 1:27 AM
@great-sunset-355 thanks for the response. I'm basically updating the domain name which requires certs and route 53 records to be replaced, and triggers a number of other updates. I'm working on a small example that can reproduce the problem now so I can share it
🙏 1
Well I made this stack, which is almost exactly the same as my stack, and the domain update behaved exactly as it was supposed to. So I must have something borked in the state of things. I'm probably just gonna destroy and start over from scratch. Thanks for looking at this @great-sunset-355, I appreciate it.
g

great-sunset-355

08/23/2021, 7:52 PM
Thanks. I will take a look as soon as I can because I could be affected by this as well
I had to vipe the state few times as well. It did not give me much confidence. Maybe worth exploring the state file before you destroy it